[prev in list] [next in list] [prev in thread] [next in thread]
List: samba
Subject: Re: [Samba] Windows cant access shared directories after changed password with smbpasswd
From: Rowland Penny via samba <samba () lists ! samba ! org>
Date: 2017-06-26 18:51:00
Message-ID: 20170626195100.3397aecc () devstation ! samdom ! example ! com
[Download RAW message or body]
On Mon, 26 Jun 2017 15:33:38 -0300
Cesar Martins <cesar.inacio.martins@gmail.com> wrote:
> 2017-06-26 14:58 GMT-03:00 Rowland Penny via samba
> <samba@lists.samba.org>:
>
> > I think this may be the problem: server max protocol = SMB3_11
> >
> > I feel if you change this to 'server max protocol = NT1' it will
> > most likely work, but you will probably not want to do this.
> >
> > You also posted this:
> >
> > Forcing Primary Group to 'Domain Users' for cinacio
> >
> > From this, it looks like your windows machines are part of an AD
> > domain, so why not turn your Samba standalone server into a Unix
> > domain member server. This way, authentication passes to your AD DC
> > and the passwords are forced to be always in sync. It will also be
> > easier to set ACLs on the fileserver, because you will be able to
> > do this from Windows.
> >
> > See here for more info:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >
>
> I tried set the protocol to NT1 before, without success...
> I tried again, just for sure and no effect. (to solve the item 2 )
>
> About include this Samba as part of AD , unfortunately this isn't
> possible because I do not have admin rights here at the company and
> the Admins will not allow add a Linux server into "they" AD , since
> this server is for minor proposes....
>
> Thank you !
> Best Regards
> Cesar
Are the Windows machines under your control ?
Can I also point out that your Windows Sysadmins are fairly typical,
you might want to point out to them that it isn't 'their' domain, it is
the companies ;-)
Can you not go over their heads to your department head ?
Who joins computers to the domain for you ?
Have you told that them that it would be more secure if your server was
part of the domain (it probably wouldn't be, but they will not know
this)
What I am trying to get at is, you will be better off inside a domain,
but from the sound of it, you may have to run your own domain.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic